Make Sense of Your Data

The Windows 2000 event log is a great thing. It’s a standardized way
for applications on a Win2K computer to log information and error messages
for the administrator to resolve. Unfortunately, it’s difficult to manage
the event logs of all of the servers in a large organization. That difficulty
is due, in part, to the sheer number of messages recorded in the average
set of event logs. This is particularly true for organizations that log
a variety of security events.

Aelita’s EventAdmin is designed to help you get a handle on your events.
Like similar products, EventAdmin allows you to gather information
about the happenings on each server and compile it into one large database.
Where EventAdmin shows its true value is in generating meaningful ways
to look at the consolidated event data.

The included reporting console allows you to run a variety of reports,
including my favorite, “Events by MSDN article,” which helps you identify
the resources you should review to resolve errors occurring on the network.
Other predefined reports include the number of reboots a server has undergone,
license manager warnings, performance data and problems by computer.

Perhaps one of the most interesting ways EventAdmin helps you make sense
of all of the event data is by allowing you to use the high-powered Online
Analytical Processing (OLAP) tools included with SQL Server. OLAP allows
you to view data in a high-level, cross-tab format and drill down into
more detail. OLAP works by providing a series of dimensions or criteria
that can be placed in either rows or columns. Each dimension can be collapsed
or expanded. For instance, you can view the results of a query for all
of the computers by domain or you can expand the dimension to the computers
in the domain to see a computer-by-computer breakdown.

EventAdmin even allows periodic queries to be run against the database
of events, the results of which can be sent via e-mail, pager, network
message, SNMP trap, or a custom program. This is great for sending daily
or weekly status reports on the health of the network. However, this isn’t
the kind of instant monitoring and notification you might find in other
event log management products. EventAdmin looks back at the database of events
over a period of time, so it doesn’t support instant notification
of individual events; rather, it supports summarized reporting of the events that
have been logged during that period.
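To make the two ideas above concrete, here is an added example (not part of the review or of Aelita’s product) over a small, constructed set of consolidated event-log rows: `drill_down` builds the collapsed-or-expanded cross-tab the OLAP paragraph describes (by domain, or expanded to domain and computer), and `periodic_summary` does the kind of look-back report the second paragraph describes, flagging event IDs that recur within the window rather than alerting on each event. The rows, the function names and the seven-day window are assumptions for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of consolidated event-log rows, as a collector might store them:
# (domain, computer, log, event_id, source, timestamp). Event ID 529 is a Win2K
# logon failure; 6005 is "Event log service started", a reboot indicator.
EVENTS = [
    ("CORP", "DC1",   "Security",    529,  "Security", "2001-03-12 08:01"),
    ("CORP", "DC1",   "Security",    529,  "Security", "2001-03-12 08:02"),
    ("CORP", "FS1",   "System",      6005, "EventLog", "2001-03-12 07:30"),
    ("CORP", "FS1",   "System",      6005, "EventLog", "2001-03-13 07:30"),
    ("LAB",  "TEST1", "Security",    529,  "Security", "2001-03-13 09:10"),
    ("LAB",  "TEST1", "Application", 1000, "MyApp",    "2001-03-01 10:00"),
]

# Column positions of the dimensions a report can be cut by.
DIMENSIONS = {"domain": 0, "computer": 1, "log": 2, "event_id": 3, "source": 4}


def drill_down(events, levels):
    """Count events per combination of the requested dimensions.

    ('domain',) is the collapsed view; ('domain', 'computer') expands the
    domain dimension into a computer-by-computer breakdown.
    """
    return Counter(tuple(e[DIMENSIONS[lvl]] for lvl in levels) for e in events)


def periodic_summary(events, now, lookback_days=7, min_count=2):
    """Summarize the look-back window: (event_id, source) pairs seen at least
    min_count times, with the computers they occurred on.

    This is a periodic report over stored events, not real-time notification.
    """
    cutoff = now - timedelta(days=lookback_days)
    recurring = {}
    for domain, computer, log, event_id, source, stamp in events:
        if datetime.strptime(stamp, "%Y-%m-%d %H:%M") < cutoff:
            continue  # outside the reporting window
        entry = recurring.setdefault((event_id, source), [0, set()])
        entry[0] += 1
        entry[1].add(computer)
    return {key: (count, sorted(computers))
            for key, (count, computers) in recurring.items() if count >= min_count}


if __name__ == "__main__":
    print(drill_down(EVENTS, ("domain",)))
    print(drill_down(EVENTS, ("domain", "computer")))
    print(periodic_summary(EVENTS, datetime(2001, 3, 14)))
```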

[Figure: EventAdmin can help you determine the root cause of entries in your event logs.]

The biggest problem with EventAdmin today is that the documentation and
online help leave a lot to be desired. Trying to figure out the product
is more like exploring a new land than following a map. The product itself
is robust enough to automatically create or rebuild the things it needs
in most cases. This allows you to stumble through without too many errors.
I had to call technical support to figure out how to create the OLAP database,
but the process of creating the database itself was simple when I understood
how to do it.

EventAdmin is a must for organizations with multiple servers, particularly
when many security events are audited. EventAdmin truly makes it easy
to reduce the number of events in the event log and to resolve recurring
problems.

About the Author

Robert Bogue, MCSE, has contributed to more than 100 book projects and
numerous other publishing projects. Robert is a technical consultant for
Crowe Chizek in Indianapolis. His latest book, Mobilize Yourself! The Microsoft
Guide to Mobile Technology, is available wherever books are sold. He is also a frequent contributor to CertCities.com.